1. The Privacy Rule aims to balance two interests in the handling of “protected health information” (PHI). What are those two interests?
2. What are the situations in which a covered entity must disclose PHI?
3. What is the relationship of a “business associate” to a “covered entity”?
4. Breach of Information at Business Associate
You received a call from a patient today whose identity has been stolen. He blames your facility for the breach. You researched his complaint and did not find any indication that there has been a breach of the patient’s data. You decide to call your business associates to see what they can find. When you call Coding Consulting, they admit that they had a security breach several months ago due to a hacker, and patient information was accessed. This patient information included Social Security numbers. Coding Consulting had not notified you of their breach as required by the business associate agreement.
a) Identify the privacy and security violations that have occurred.
b) Determine what your facility should do now.